Accept self signed SSL certificates to be able to sync securely with Rainy

Bug #1153289 reported by Stefan Hammer on 2013-03-10
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
Tomdroid | Status tracked in Stable | | |
Beta | Fix Released | High | Unassigned |
Stable | Fix Released | Undecided | Unassigned |

Bug Description

We need to accept self signed SSL certificates to be able to sync securely with Rainy.

Ideally it would look like this:
On authentication (and on any other sync, the certificate could change...) we should catch the SSL exception,
extract the certificate and show it to the user.
If the user agrees, we will store the certificate and use it.

For a quick fix we could just accept all certificates. There is of course the chance of a man-in-the-middle attack in this case.

Further reading:

http://nelenkov.blogspot.co.at/2011/12/using-custom-certificate-trust-store-on.html

http://developer.android.com/training/articles/security-ssl.html#UnknownCa

http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https

Tags: ssl
description: updated

Added the quick hack and will report a new bug for the proper one!

Changed in tomdroid:
status: Fix Committed → Fix Released
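
The approach the bug description calls ideal (reject the unknown certificate, show it to the user, store it if the user agrees) can be written as a pinning trust manager, in contrast to the accept-all quick fix. This is an added example, not Tomdroid's code: the names `PinnedCertTrustManager`, `UntrustedCertException` and `contextFor` are hypothetical, and storing a SHA-256 fingerprint instead of the whole certificate is an assumption.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Hypothetical class (added example): trusts exactly one user-approved server certificate.
public class PinnedCertTrustManager implements X509TrustManager {
    // Thrown when the presented certificate is not the approved one; carries it for the UI.
    public static class UntrustedCertException extends CertificateException {
        public final X509Certificate presented;
        UntrustedCertException(X509Certificate cert) {
            super("Server certificate not approved by user");
            presented = cert;
        }
    }

    private final byte[] approvedSha256; // null until the user has approved a certificate

    public PinnedCertTrustManager(byte[] approvedSha256) { this.approvedSha256 = approvedSha256; }

    // SHA-256 over the DER encoding: the value to show the user and to store on approval.
    public static byte[] fingerprint(X509Certificate cert) throws CertificateException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("Empty chain");
        chain[0].checkValidity(); // reject expired or not-yet-valid certificates
        if (approvedSha256 == null || !MessageDigest.isEqual(approvedSha256, fingerprint(chain[0]))) {
            throw new UntrustedCertException(chain[0]); // first contact, or the certificate changed
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("Client certificates are not used");
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    // Context whose only trust decision is the pinned fingerprint.
    public static SSLContext contextFor(byte[] approved) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinnedCertTrustManager(approved) }, null);
        return ctx;
    }
}
```

The sync code catches the handshake failure, looks for `UntrustedCertException` in its cause chain, shows `fingerprint(presented)` to the user, and on approval persists that value for the next `contextFor` call.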